DATA PRIVACY POLICY

We provide complete transparency for fair data processing!

Last updated: 17/05/2018

I. General information on data processing

We, Habermaass GmbH, August-Grosch-Str. 28-38, 96476 Bad Rodach (hereinafter referred to as HABA), are responsible for processing your data pursuant to s. 4(7) of the EU General Data Protection Regulation (GDPR) when you visit our website.

If you have any questions regarding data privacy, you can reach our Data Protection Officer by post: Habermaass GmbH, Data Protection (Datenschutz) Postfach 1107, 96473 Bad Rodach, or by email: internet(at)haba.de with the subject: Data Protection (Datenschutz)

The following policy gives you an overview of how we guarantee the protection of your data under GDPR. In particular, we would like to explain to you as a visitor to our website what kind of data we collect, why we collect this data, how we use this data, and how you can at any time determine how your personal data is handled. When you contact us by post, email, or via a contact form, the data you communicate is saved by us in order to be able to respond to your questions. We delete the data collected in this context after storage is no longer necessary, or we restrict pro-cessing if legal retention requirements exist.

II. What data is stored, and for what purpose?

HABA will collect and use your personal data for the processing of orders with either mandatory fields in our online shop or questions for telephone orders. The following information is required:

Gender, name; date of birth, address, and email address.

Other information is optional. In order to be able to handle and ship your order, we share your data to the delivery service which handles shipment. We may also share your payment data with our bank. The legal basis for this is s. 6(1)(1)(b) GDPR.

You may optionally create a customer account, which we use to store your data for later purchases. When you create an account under "My Account", the information you provide is revocably stored.

HABA may also process the data you have provided in order to inform you by mail regarding other interesting products from our entire portfolio, in accordance with s. 6(1)(1)(f) GDPR, or send you emails with technical information about our webshop.

HABA also offers other services such as wish lists, birthday specials, surprise packages, etc. that you can use, if interested. For this purpose it is sometimes nec-essary to provide other personal data in order to provide your desired service. Your data must sometimes be shared with our carefully selected service providers in order to provide these services. HABA currently offers the following services:

•    Sending of a newsletter with current offers
•    Registration as a My HABA user
•    Participation in other promotions
•    Participation in sweepstakes
•    Personalization of your product orders (for example, the name of your child printed on or with the gift)
•    Spare Parts Service

If our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we will notify you of this circumstance in the description of the offer.

If you later decide that you no longer want to use our services, you can object to the data processing at any time with future effect. To do this, send a message to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.

Child data - Our website is not intended for persons under the age of 16 years, and we ask that persons under 16 years of age please abstain from providing us with any personal data.  Such data may only be provided by the legal guardian or with the guardian's consent. If we learn that we have unlawfully collected the personal data of a child under 16 years of age, we will initiate steps for the quickest possible deletion of this data.

III. Information about the newsletter

With your consent, you can subscribe to our newsletter, which we use to provide you with information about current interesting offers. In this context, the newsletter sent by HABA can also in part be used to advertise goods and services from our en-tire group of companies, if they correspond with your interest in our products. Our group of companies includes: Habermaass GmbH as well as its sales division Heldbergs, Wehrfritz GmbH, Jako-o Familystore GmbH & Co. KG, Project Schul- und Objekteinrichtungen GmbH, Jako-o Möbel und Spielmittel für die junge Familie GmbH, as well as its sales divisions FIT-Z and Qiero!. To support email shipping, we use the services of Emarsys – emarsys eMarketing Systems AG, Marchstrasse 1, 1150 Vienna.

When you register for our newsletter, we use the so-called double opt-in method. This means that after you have registered, we send an email to the email address you have provided. In this email we ask you to confirm that you wish to receive the newsletter. For this purpose we store your IP addresses and the times of registration and confirmation. The purpose of the method is to prove your registration and, if necessary, to provide information about any possible misuse of your personal data.

The only information required to receive the newsletter is your email address. Providing any other separately marked data is optional and this data will be used to be able to personally address you. After you have confirmed, we store your email address for the purpose of sending the newsletter. The legal basis for this is s. 6(1)(1)(a) GDPR.

You can withdraw your consent to the newsletter at any time and cancel your subscription to the newsletter. You can declare your revocation by clicking on the link provided in each newsletter by sending a corresponding email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.

IV. What happens when you visit the HABA website?

When you only use our website for informational purposes, in other words if you do not register or otherwise provide information, we collect the personal data that your browser sends to our server. This data is technically necessary for us to display our website to you and to be able to ensure stability and security, s. 6(1)(1)(f) GDPR:

IP address; date and time of the request; time zone difference; content of the request; access status/HTTP status code; quantity of data transferred; website from which the request was forwarded; browser; operating system and its environment; language and version of the browser software.

Customer surveys - on our website, non-personal customer surveys are carried out from time to time to improve our products and services as well as for technical im-provement of our website. Only the data sent by your browser is transmitted to us.

In addition to the aforementioned data, cookies are stored on your end device when you use our website.

V. What are cookies?

Our website uses so-called cookies at several places. Cookies help to make our offerings more user-friendly, effective, and secure.

A cookie is a small data file that we transfer to your browser when you surf on our website. A cookie can only contain information that we send to your end device itself – private data cannot be read. We have no access to your personal information, but we can identify your browser using cookies.

We use cookies for the following purposes:

  • In order to recognize you on future visits so that we can display your desired preferences in your shopping basket (language, delivery country, user name).
  • To enable you to use other specific services: for example, display of the page in your language, personalization of our website, etc.
  • To make it easier to customize our website to meet the needs of our customers.

We use "persistent" cookies: this means that you only need to enter your user name once on websites requiring login.  "Persistent" cookies can be manually removed by the user. "Persistent" cookies are stored by us for 3,000 days. We also use cookies for displaying advertisements. These cookies are stored for no longer than two years. After that, they are automatically deleted.

Most browsers automatically accept cookies. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to ensure that your browser notifies you when you receive a new cookie, as well as how you can disable all received cookies. If you disable cookies, certain features on our website may not be available, and some webpages may not be displayed properly. The websites youronlinechoices.com and meine-cookies.org inform you about usage-based and behaviour-based online advertising and how to avoid it.

VI. Web analytics and online advertising

When you visit our website, we conduct analyses to learn, for example, what information is the most sought or the path by which you came to access our website. Our analytics tools require the determination of individual visitors to evaluate individual behaviour. Personal identification is however in principle not necessary because only statistical data is to be created. Therefore, IP addresses are typically only collected in shortened form, which is also required by the procedures of supervisory authorities.

The legal basis for processing this analytical data is our legitimate interest in understanding how our customers interact with our website so that we can optimize the user experience and the functions of our website, s. 6(1)(1)(f) GDPR.

The aim of online advertising is to personalize as much as possible the design of advertisements according to your interests. Technically, online tracking is usually accomplished using advertising IDs, with which the providers of advertising networks create user profiles using cookies, and which activates advertising displays on the basis of the cookie profile when a website is accessed. Through the use of tracking pixels on our website, the user's visit to our website causes cookies to be stored by the advertising partners on the user's end devices. This makes it possible for us to provide the user with interesting offers, even outside of our website.

Below, some third party providers for analytical services, online advertising, and similar services, with which we currently have partnerships, are listed.

a) Creation of pseudonymous usage profiles for web analytics – Episerver Inc.

On this website, data for marketing and optimization purposes is stored using technologies by Episerver Inc., 542 Amherst Ave, Nashua, New Hampshire 03063 (https://www.episerver.de). This data allows us to specifically match our internet sites to your interests and provide you with a personalized service. This is done by analyzing your user behaviour using the products that you have already shown interest for in our shop. The analysis is carried out using cookies that are stored on your computer or mobile end device. These cookies enable us to recognize your browser when visiting our website again. Usage profiles are created exclusively using pseudonyms (email hashes) and are not combined with your personal data. If you do not wish to use our personalized website service, either delete the cookies stored on your device upon visiting our website, or change the settings on your web browser so that generally no cookies can be stored on your computer.

The legal basis for the processing of your data is s. 6(1)(1)(1)(f) GDPR. For more information on data processing by Episerver, please visit https://www.episerver.de/legal/privacy-statement/. Episerver is compliant with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.


b) "Google Analytics" and "Google Tag Manager"

Our website uses Google Analytics and Google Tag Manager, web analytics services by Google Inc. ("Google"). Google Analytics and Google Tag Manager use so-called "cookies", text files that are stored on your computer and that make it possible to analyze your use of the website. This allows us to regularly improve our website and make it more interesting. The legal basis for the use of Google Analytics is s. 6(1)(1)(1)(f) GDPR.

The information generated by the cookie about your use of our website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for us as the website operator, and also to provide services connected to website use and internet use. Google may also transfer this information to third parties if this is required by law or if third parties pro-cess this data on behalf of Google. Google will not associate your IP address with other Google data. By using this website you consent to the processing of data about you by Google in the manner and for the purposes set out above. The collection and storage of data can be objected to at any time with future effect.

In addition, you can also prevent the collection of data created by the cookie associated with your use of the website (incl. your IP address) by Google as well as processing of this data by Google by downloading and installing (using the following link) the browser plug-in available at the following link.

Alternatively to the browser add-on or within browsers on mobile devices, please click on this link, in order to prevent the collection of data by Google Analytics within this website in the future (the opt-out only works in the specific browser you are using and only for this domain). This stores an opt-out cookie on your device. If you delete your cookies in this browser, you must click on this link again.

Information of the third party provider: Google Dublin, Google Ireland Ltd., Gor-don House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

VII. Use of social media

Social plug-ins

Our website uses "social plug-ins". Currently, this is the plug-in of the Facebook service, Google+, Twitter, WhatsApp and Pinterest. You can recognize the provider of plug-ins by means of the label on the box with the first letter of its name or the logo. We provide you with the option of communicating directly with the provider of the plug-in via the button. Only if you click on the selected field and activate it, the plug-in provider receives notification that you have accessed the website with our online content. This plug-in may under certain circumstances be used to send information, which may include personal data, to the service provider. This information may be used by the service provider. Our website is prevented from the undetected and undesired collection and transmission of data to the service provider by means of a "2 click solution". To activate a desired plug-in, the corresponding switch must simply be enabled. The collection of information and its transmission to the service provider is first triggered by this activation of the plug-in. Our website does not collect any personal data by means of the social plug-in or through its use.

Our website has no influence on which data is collected by an activated plug-in and how it is used by the provider.

If you do not want social networks to collect data on you via our website, you must log out of the social networks before you visit our website.

We have included the social plug-ins of the following companies on our website:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is compliant with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google is compliant with EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is compliant with EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, https://policy.pinterest.com/en/privacy-policy.

WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA;  https://www.whatsapp.com/legal/#privacy-policy. WhatsApp is compliant with EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

Integration of YouTube videos

We have integrated YouTube videos into our website that are stored at http://www.YouTube.com and can be directly played by our website. These are all integrated in "extended data protection mode", i.e. that no data is transmitted via you as a user to YouTube if you do not play the videos. Only when you play the videos will the data listed below be transmitted. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding page on our website. The data referred to in Section IV of this policy is also transmitted. This is done independently of whether YouTube provides a user account that you have logged into or whether there is no user account. If you are logged into Google, your data is directly attributed to your account. If you do not wish for this attribution to be made with your YouTube profile, you must log out prior to activating the button. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising that is de-mand-oriented and in order to notify other users of the social network about your activities on our website. You have the right to object to the creation of this user pro-file. To exercise this right, you must address your objection to YouTube.

For further information on the purpose and scope of data collection and processing by YouTube, please visit their Privacy Policy. There you also receive further information on your rights and settings: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is compliant with the EU-US-Privacy Shield, https://www.privacyshield.gov/EU-US Framework.

Integration of Cliplister videos

We have integrated the service Cliplister-Videos (provider is the Cliplister GmbH, Schauenburgerstraße 116, 24118 Kiel) into our online offer, which are stored on https://www.cliplister.com and which can be downloaded directly from our website. stored and are directly playable from our website. These are all integrated in "extended data protection mode", i.e. that no data is transmitted via you as a user to Cliplister if you do not play the videos. Only when you play the videos will the data listed below be transmitted. We have no influence on this data transmission.

If you access this Cliplister website or Cliplister services through a browser, application or other client software, Cliplister will automatically store and process data dur-ing the communication process. These server logs may include the following information: web request, interaction with a service, IP address (Internet Protocol ad-dress), browser type, language of the browser, date and time of the request, and one or more cookies representing the user's browser or uniquely identify the user ac-count. After completion of the communication process, the IP address is anony-mized. The anonymized data is evaluated for statistical purposes.

For further information on the purpose and scope of data collection and processing by Cliplister, please visit their Privacy Policy. There you also receive further infor-mation on your rights and settings: https://www.cliplister.com/disclaimer.html.

VIII. With which categories of recipients might we share your data?

We do not sell the data we collect. We share the information we receive with third parties exclusively with the scope described below:

  • Companies within our group (Habermaass GmbH as well as its sales division Heldbergs, Wehrfritz GmbH, Jako-o Familystore GmbH & Co. KG, Pro-ject Schul- und Objekteinrichtungen GmbH, Jako-o Möbel und Spielmittel für die junge Familie GmbH, as well as its sales divisions FIT-Z and Qiero!) for reconciliation of the address database, if this is either subject to this Privacy Policy or it complies with policies that provide at least as much pro-tection as this Privacy Policy.
  • We contract with other companies and individuals to perform tasks for us. Examples include (among other examples) support for the organization of events, sending of letters or emails, maintenance of our contact lists, analysis of our databases, and advertising campaigns. These service providers receive from us the personal information that is required to perform their tasks. However, they may not use this for other purposes. They are also required to handle the information in accordance with this Privacy Policy as well as German data protection laws.
  • Within the requirements of s. 6(1)(f) GDPR, we allow carefully selected shipping companies, brand manufacturers, and publishing houses and companies within our corporate group to send you information and offers as advertising communication. Only that data which is permitted by law is shared for third-party marketing purposes. If you do not wish for this to take place, you can object at any time to our use of your data for advertising purposes.
  • In all other cases, we will inform you if personal information is shared with third parties.

IX. Data security

In order to avoid loss or misuse of the data we have stored, we take extensive technical and operational security precautions that are regularly checked and adapted to technological progress. We use SSL (RSA 1024 Bit) as encryption and security software. This method is successfully used across the World Wide Web. You can recognize that you are browsing securely when you see a symbol (closed padlock) in your browser's lower window bar.

All of your personal data (name, address, credit card number, bank code, account number, etc) is thus encrypted and securely transmitted on the internet.

Only our HABA server can decrypt your data. During the transmission, unauthorized persons cannot read your information!

However, it is also your responsibility to protect the data you have made available by means of encryption or other measures against misuse.

X. How long do we store your data?

We generally anonymize and/or delete your personal data as soon as it is no longer necessary for the purposes mentioned above and if no legal requirements for detec-tion and storage (e.g. according to the Commercial Code or Tax Code) require further storage.

XI. What rights do you have?

The GDPR regulates the rights of the "data subject" in s. 15-12 GDPR. Therefore, you have at any time the right to obtain information about the data stored with respect to your person, its origin, and recipient, as well as the purpose of storage. In addition, you are entitled to request, under certain conditions, the deletion of your data as well as a restriction of processing, the correction of your data, and the transfer of your data in a common machine-readable format. This also applies to the right to obtain information about the existence of automated decision-making, including profiling according to s. 22(1) and (4) GDPR and – at least in these cases – mean-ingful information about the logic involved as well as the scope and desired effects of such processing with respect to your person.

Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.

Objection or revocation of consent to the processing of your data

If you have granted consent to the processing of your data, you can revoke this consent at any time. Such a revocation influences the permissibility of processing your personal data after you have declared this revocation of consent to us.

If we justify the processing of your personal data on the basis of overriding interest in accordance with s. 6(1)(1)(f) GDPR, you can object to the processing of your personal data. This is the case, if processing is not necessary, in particular to fulfil a contract with you. When exercising such an objection, we ask for the reasons why we should not process your personal data as we have done. If we have a reasoned objection, we review the circumstances and will either discontinue or adjust data processing or show our overriding legitimate grounds for continuing to process the data.

You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.

XII. Which complaints office can you contact?

You have the option of contacting the Data Protection Officer at the address specified above or of contacting a data protection supervisory authority. The data protection supervisory authority we are subject to is:

Data Protection Authority of Bavaria

for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
Postfach 606
91511 Ansbach
Germany
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de

If you wish to file a complaint, you can use the online complaint form of the data protection authority (available at: https://www.lda.bayern.de/de/beschwerde.html).

XIII. Our full contact information

Habermaass GmbH
August-Grosch Str. 28 - 38
96476 Bad Rodach
Tel.:     +49 9564 60100
Fax:     +49 9564 662300
E-mail:  internet(at)haba.de
Internet: www.haba.de

Managing Partner: Klaus Habermaass
Managing Director: Harald Grosch, Karl Fischer
Entry in commercial register: Local Court (Amtsgericht) Coburg, HRB 256

Habermaass GmbH is part of the HABA family of companies.